Post by: RaZoR1394 on 10 June 2005, 08:51
There is obviously a very nasty image size bug in Windows (even XP SP2) together with IE, FF or Mozilla. Opera however seems to be immune to this.
Here is the sample code that makes the comp crash.
Code: [Select]
![]("./sweetydead.jpg")
-----------------------------------------------------------------
CAUTION! THE LINK UNDERNEATH WILL CRASH THE COMP IF YOU USE WINDOWS!
-----------------------------------------------------------------
HERE (http://winboot.mine.nu) is a site where they have tried the bug.
-----------------------------------------------------------------
CAUTION! THE LINK ABOVE WILL CRASH THE COMP IF YOU USE WINDOWS!
------------------------------------------------------------------
If you have disabled "automatically restart" it will show a bluescreen, else it will reboot. I've only got access to Windows via a Vmware virtual machine with a fully updated XP SP2 copy and it gave me a bluescreen after totally locking up the VM.
Well this is totally rediculous. Crashing the computer because of unrealistic image size. HAHHAAHHAHA!
edit: I tried the winboot page on my main Gentoo comp and it just showed a flat green pic. :thumbup:
Post by: RaZoR1394 on 10 June 2005, 09:01
And HERE (http://www.heise.de/newsticker/meldung/60433) is a confirmed report at Heise (German).
Post by: TB on 10 June 2005, 10:48
Post by: RaZoR1394 on 10 June 2005, 11:50
HERE's (http://upl.silentwhisper.net/uplfolders/upload8/image_buffer_overflow.png) a shot I took in vmware.
Microsoft are already releasing 7 security fixes on Tuesday I think. Maybe they won't have time to fix this one.
Post by: Orethrius on 10 June 2005, 12:19
EDIT: I experienced some slowdown on a P4 2.6HT, but that's about it. No crashes, no BSoDs, no automatic reboots (though that may be because I've had that disabled since Sasser). Is there any particular reason why we're expecting a reasonable benchmark from the lowest common denominator (a $30 Windows OS)?
Quote from: toadlife
I won't be losing any sleep over it.
Me either.
Quote from: toadlife
My wifes is a GeForce3, and bluescreen references an infinite loop happening with the nvidia driver. I'm wondering if this is nothing bug a bug with Nvidia's drivers.
I would surmise as much, I'm using the onboard video that came with the mobo, an Asus P4P800-VM (according to Everest, it's an Intel 82865G Graphics Controller, and may I add Myst IV fucking kicks ass on it).
Post by: toadlife on 10 June 2005, 12:22
Quote from: RaZoR1394
Yup, also much worse than Sasser and MSblast. Trust me, this will be used in a lot of websites just to f*ck people up.
It's NOT worse than Blaster. Blaster was a self propogating worm that executed code on remote systems. This simply exploits a bug in the image rendering code, (or maybe the kernel's handling of graphics drivers?), and crashes the OS.
Quote from: RaZoR1394
Microsoft are already releasing 7 fixes om Tuesday I think. Maybe they won't have time to fix this one.
I won't be losing any sleep over it.
Post by: toadlife on 10 June 2005, 12:31
Quote from: Orethrius
Apparently not an issue in XP Pro SP2 running Firefox 1.0.4 - my dad has the laptop out-of-state until Saturday, so I'm stuck running the Beast. Meh, at least it has a tuner card to make up for its shortcomings. :cool:
Interesting. It crashed my wife's XP Pro SP2 box with Firefox 1.0.4. What type of graphics card is in the machine you have?
My wifes is a GeForce3, and bluescreen references an infinite loop happening with the nvidia driver. I'm wondering if this is nothing bug a bug with Nvidia's drivers.
Post by: TB on 10 June 2005, 12:34
Post by: RaZoR1394 on 10 June 2005, 12:36
Quote from: TB
I'm running Firefox 1.0.4 on SP1 and I didnt even get a BSOD......it simply froze then rebooted. And I just happened to do this while burning a DVD
Quote from: "*ME*"
If you have disabled "automatically restart" it will show a bluescreen, else it will reboot.
:rolleyes:
Post by: toadlife on 10 June 2005, 12:37
Right click on my computers, click on properties, and find the "start up and recovery" section
Post by: toadlife on 10 June 2005, 12:38
"RTFT"
Post by: RaZoR1394 on 10 June 2005, 12:38
Quote from: toadlife
It's NOT worse than Blaster. Blaster was a self propogating worm that executed code on remote systems. This simply exploits a bug in the image rendering code, (or maybe the kernel's handling of graphics drivers?), and crashes the OS.
You're right but I was more thinking of being able to do a "shutdown -a" in the prompt to prevent msblast/sasser. With this bug it totally locks up the comp and reboots/shows bluescreen.
Also, I think this has a lot to do with RAM. Some people who have a lot of ram report the bug just locking the comp up instead of reboot/show bluescreen.
Post by: toadlife on 10 June 2005, 12:41
Post by: toadlife on 10 June 2005, 12:43
Quote from: TB
And I just happened to do this while burning a DVD
Why would you click on that link if you were doing something important at the time?
Post by: RaZoR1394 on 10 June 2005, 12:47
Post by: solemnwarning on 10 June 2005, 15:04
1. music stopped (winamp)
2. could not click anything
3. machine started beeping
4. bsod & reboot
i knew windows was shit but i didnt think it was possible to be this bad :rolleyes:
Post by: Lord C on 10 June 2005, 16:25
I had to try it out, and I was shocked when it worked.
That really is poor.
Post by: toadlife on 10 June 2005, 20:37
Quote from: solemnwarning
Just tested it on my winshit box for testing expliots...:rolleyes:
Box for testing exploits? Are you one of those script kids who likes to try and own Windows boxes?
Post by: WMD on 10 June 2005, 20:46
Post by: Aloone_Jonez on 10 June 2005, 20:50
This is the first time my XP system has hung since I've fixed the graphics driver problem.
Not long ago muzzy was bitching about a bug like this in Firefox, I wonder what he has to say about this? :D
Isn't the bug either in the kernel or the NT equivalent of the X window system?
What's the betting Microsoft won't patch the operating system and just patch Internet Explorer to get round the problem and fuck all the alternative browser lusers.
What's also funny is MS paint isn't affected by this, if you set the image attributes to 9999999, 9999999 then an error message is displayed. :D
Post by: toadlife on 10 June 2005, 20:50
Quote from: WMD
Windows 2000 SP4 (Firefox 1.0.4) didn't crash at all.
How much memory, and what graphics card?
Post by: WMD on 10 June 2005, 21:10
Video: VMware SVGA ;)
Post by: toadlife on 10 June 2005, 21:24
Orethius' machine didn't crash and he's not using an NVidia card.
How about the rest of you who's machines crashed when you tried it....are you guys running NVidia cards?
Post by: WMD on 10 June 2005, 22:01
Post by: RaZoR1394 on 10 June 2005, 22:04
Post by: RaZoR1394 on 10 June 2005, 22:10
Looks like kernel or driver issue. Still if It's a driver issue It's the fault of Windows because it lets the graphics driver run on "ring 0" (kernel level) which is idiotic. In other systems graphics drivers run on "ring 3" for ex X.
Post by: toadlife on 10 June 2005, 22:54
Chipset driver issue perhaps?
Post by: MarathoN on 10 June 2005, 23:05
I also got people with ATI cards to test it, and their system either hung or rebooted, although one of those people has an NForce chipset.
Post by: RaZoR1394 on 10 June 2005, 23:27
Post by: toadlife on 10 June 2005, 23:40
Quote from: RaZoR1394
Looks like kernel or driver issue. Still if It's a driver issue It's the fault of Windows because it lets the graphics driver run on "ring 0" (kernel level) which is idiotic. In other systems graphics drivers run on "ring 3" for ex X.
Dude, there are drivers in linux run at ring0. If they cause a kpanic will you blame linux?
Post by: Aloone_Jonez on 11 June 2005, 00:45
Secondly it can't be a graphics driver problem because it affects a verity of graphics cards I for example have a S3 pro savage and have exactly the same symptoms when I click on the link.
It must be a major flaw in the NT kernel or whatever NT uses as instead of the X Window system, there is simply no other way this could affect so many different hardware configurations.
I hope Microsoft do a decent job of fixing it.
Fuck it, I hope everyone gets pissed off with Windows and finds a suitable alternative like Linux, BSD or even BeOS for fuck sake and the industry start to support that OS, but that'll never happen anyway/
Post by: toadlife on 11 June 2005, 01:20
Quote from: Aloone_Jonez
Fuck it, I hope everyone gets pissed off with Windows and finds a suitable alternative like Linux, BSD or even BeOS for fuck sake and the industry start to support that OS, but that'll never happen anyway/
Probbaly won't happen, since the vast majority of users will never even know this flaw existed.
Post by: Aloone_Jonez on 11 June 2005, 01:39
Post by: Jenda on 11 June 2005, 02:08
Post by: WMD on 11 June 2005, 03:00
Quote
It must be a major flaw in the NT kernel or whatever NT uses as instead of the X Window system,
Those things you mention are one and the same. The NT kernel is the "X Window system," in that it draws the base graphics. You still need explorer.exe to do anything useful...but still, this flaw must be in the kernel.
Post by: mobrien_12 on 11 June 2005, 03:03
Post by: Orethrius on 11 June 2005, 03:19
(1) Which Operating System (full version here, plus SP if Windows) did you test?
(2) Were the patches up-to-date?
(3) Which browser were you using?
(4) What kind of graphics card do you have?
(5) What were you doing when the crash occured?
I believe this is a kernel issue as well, but I may be wrong so it's a good idea to trace it back as far as possible.
Post by: MrX on 11 June 2005, 04:23
note- i was able to make my FF crash on BeOS by making a html file with 10000 pop ups on it. i would like to see what happens on winshit.
Post by: Lead Head on 12 June 2005, 18:33
Post by: muzzy on 12 June 2005, 18:40
It doesn't really eat memory, just cpu. Huge loads of cpu. The whole thing makes me think this is an issue with GDI. Stuff just doesn't make sense here.
It's a serious issue anyway, I'll look into it a little.
Post by: Lead Head on 12 June 2005, 18:45
Post by: muzzy on 12 June 2005, 20:07
So, the image itself is 400x300, but since the page requests it as huge, the system will ask GDI to resize it to 9999999x9999999. This happens everytime the window is redrawn. For reasonable resizes, this would be fine, however here it is not.
I'd have to look at the actual implementation of the thing, but right now it looks like it's issue with GDI, and perhaps with driver implementation of the stretching support as well.
Post by: MrX on 12 June 2005, 20:44
Post by: Jenda on 12 June 2005, 22:15
Post by: toadlife on 13 June 2005, 19:49
Could it be that a bug in GDI is causing an infinte loop situation, which "tricks" the Windows kernel into thinking the video driver is in an infinite loop?
Post by: Aloone_Jonez on 13 June 2005, 20:34
Post by: Shiver on 13 June 2005, 23:34
Choking it with a picture resized too large feels so... simple. One would think something like this would have been found ages ago. :o
Post by: WMD on 14 June 2005, 01:43
Quote from: Aloone_Jonez
Grapshics Device Interface, isn't this what Windows uses instead of the X-window system as I origionally thought?
Yes, and it runs in kernel mode.
Post by: Combustible on 14 June 2005, 19:42
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
woo.
Post by: Refalm on 14 June 2005, 19:47
Quote from: Combustible
you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
woo.
It's also a browser issue. Opera simply displayed the image smaller, and didn't render the full 9999999x9999999.
The image they used for the hack is pretty cool:
sweetydead.jpg (http://kamelopedia.mormo.org/images/d/db/Sweetydead.jpg)
Down with Jamba!
Post by: toadlife on 14 June 2005, 19:54
Post by: RaZoR1394 on 14 June 2005, 23:29
Quote from: Combustible
you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
woo.
Off course It's a bug as the computer won't even lag when using GNU/Linux och *BSD.
Post by: MrX on 15 June 2005, 00:18
Quote from: Combustible
you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
woo.
sort of like what happens when you take a cpu intensive program like cpuburn and run two at once? or one at 'realtime' priority?
Mr X
Post by: Aloone_Jonez on 15 June 2005, 02:28
Quote from: RaZoR1394
Doesn't look like a nVidia issue. I've heard from a lot of people who have gotten the bluescreen or reboot with ATI cards. Some with nVidia cards also only get slowdowns and not BSOD/reboot.
Looks like kernel or driver issue. Still if It's a driver issue It's the fault of Windows because it lets the graphics driver run on "ring 0" (kernel level) which is idiotic. In other systems graphics drivers run on "ring 3" for ex X.
I've just realised what you meant, Windows is silly for running its Windowing system in kernel mode while the UNIX X-window system runs in user mode.
Well I can see your point but Windows NT is a purely graphical OS, it doesn't have a text mode like UNIX does. When X crashes under Linux it's just as bad as it takes out all X programs ie OpenOffice so still I loose my work anyway, though this has only happened to me on Redhat 9.0 though.
Post by: Combustible on 15 June 2005, 14:15
Quote from: RaZoR1394
Off course It's a bug as the computer won't even lag when using GNU/Linux och *BSD.
technically no, a bug is when something doesnt work... you cant compare behavior of windows to *nix as a basis for calling it a bug, those are two very different codebases. this is working as it was designed to work, it just needs safeguards to prevent it from trying to do what its being told to do.
i would therefore call it an exploit. a rather useless one but still an exploit.
Post by: RaZoR1394 on 15 June 2005, 18:33
Quote from: Combustible
technically no, a bug is when something doesnt work... you cant compare behavior of windows to *nix as a basis for calling it a bug, those are two very different codebases. this is working as it was designed to work, it just needs safeguards to prevent it from trying to do what its being told to do.
i would therefore call it an exploit. a rather useless one but still an exploit.
I just call everything that doesn't work a bug. So don't take my word seriously. You're very right about that. It's similar to the DDOS problem where for ex the web server just does what it is supposed to do. On the other hand you can have safeguards for it or special firewall features. I have howewer just started learning about security problems so I'm not so experienced with it.
Post by: Combustible on 15 June 2005, 23:18
Post by: Aloone_Jonez on 16 June 2005, 00:17
This is a bug in the operating system, even if the browser is as buggy as hell this system shouldn't crash.
Post by: toadlife on 16 June 2005, 03:04
Quote from: Aloone_Jonez
May be so, but a decent operating system shouldn't let a program running in ring 3 bring down the system.
No it shouldn't (http://www.microsuck.com/forums/showthread.php?t=8988).
But all operating systems have this funny way of finding out new and different ways of sucking every day.
Post by: muzzy on 16 June 2005, 18:50
Quote from: Aloone_Jonez
Windows is silly for running its Windowing system in kernel mode while the UNIX X-window system runs in user mode.
Indeed, but there's a good reason for it, too. Well, kinda. The issue is system call latency. The windows architecture is actually designed so that all the subsystems are separate processes and couldn't crash the kernel, but there's a big issue with it. Since the communication mechanism between application and the subsystem is a plain client/server model, it means that both are scheduled and threaded normally. The client makes a request, to which the subsystem must respond in a different process, and then return operation back to the first process. Since windows quantum size is typically 25 milliseconds, under 100% cpu load this would be a serious issue, as all system calls could take 50 milliseconds to complete. This isn't acceptable.
In the original NT design, there was a hack to implement it. Two special system interrupts to do ordered fashion context switching, to call another process and then return, without scheduling. However, it was a hack, and MS wanted to replace it. So, portions of different parts of win32 subsystem got moved into kernel, for faster access. In my opinion, this was a bad choice, at least in hindsight. Modern systems are already so fast that 25ms quantums are insanely long, especially for workstation use. I'd rather have 1ms quantums or even shorter for desktop systems, and possibly a different kind of RPC mechanism for controlled context switching.
So, it's running in kernel for performance reasons. Which IMO could be better solved in other ways.
Post by: WMD on 16 June 2005, 19:59
Post by: Aloone_Jonez on 16 June 2005, 20:13
If was separated from the kernel and it crashed what would happen?
Surly it would take out all graphical programs and as NT is mostly grahical anyway you'd loose anything worth while.
Post by: microchip on 29 June 2005, 02:30
SWEET!
Post by: ksym on 9 July 2005, 16:10
Quote from: Aloone_Jonez
I've just realised what you meant, Windows is silly for running its Windowing system in kernel mode while the UNIX X-window system runs in user mode.
Well I can see your point but Windows NT is a purely graphical OS, it doesn't have a text mode like UNIX does. When X crashes under Linux it's just as bad as it takes out all X programs ie OpenOffice so still I loose my work anyway, though this has only happened to me on Redhat 9.0 though.
Hmm. What about my Linux with nVidia graphics driver?
AFAIK, the nvidia x-subsystem is in two parts:
1) userland component, TLS links that make the
"nvidia" x-driver
2) kernel component, the 'nvidia' kernel module,
which is either modprobed when X starts, or manually
loaded before X.
So does this mean that the driver component actually
runs in "ring 0", while X-server
(and the nvidia's TLS component) itself runs in usermode?
And doesn't this make my Linux-box as unstable as
as the nvidia-kernel module is?
Post by: MrX on 12 July 2005, 18:29
Post by: piratePenguin on 12 July 2005, 22:05
Quote from: MrX
remember when kintaro got IE to work in Linux? well he should test IE from inside that and see if something crashesHOLY CRAP MRX HAD A GOOD IDEA!
I believe Kintaro has you on ignore, but now he can read the quote (I apolagise in advance Kintaro, if I have destroyed your wonderful 'browsing Microsuck free from Mr. X' era).
I'd says it won't crash. I'd guess it's not an IE fault, but an OS/resource management fault... That's just a guess.
Post by: KernelPanic on 13 July 2005, 00:25
Hence for this to crash Linux, X11 or the Linux kernel would have to have the same memory handling issues as the Windows GDI. We know they don't because viewing this bit of HTML under native Linux browsers does not cause a crash/panic/unexpected behavior.
Post by: BeOSUser on 15 July 2005, 18:44
Post by: burz on 19 July 2005, 20:44
Quote from: BeOSUser
They took the site down now becuase of too many visitors. Too bad.
Yeah I know . Thats why I did another just for fun.
http://crashwindows.tk/
My site suck I know , It took me 5 min to do it and i dont plan add more :D
Post by: MrX on 19 July 2005, 22:12
Quote from: burz
Yeah I know . Thats why I did another just for fun.
http://crashwindows.tk/
My site suck I know , It took me 5 min to do it and i dont plan add more :D
Quote
WARNING : Your computer will crash no mather what is your Windows current version and even if your using firefox your not immune.
you a surely an idiot. Opera is totally fine, running on win98. Firefox is also totally fine (deer park alpha 1) that even makes you MORE of an IDIOT.
friendly advice: change what you wrote on your webpage or else the whole world is going to be calling you an idiot.
but- keep up this page, add more things like insane popup test (i crashed firefox with 10000 popups) IE tricks, other things that go against IE and crash it. Then the fun begins.
(http://pages.infinit.net/landz/bsod.gif)
Mr X
Post by: burz on 20 July 2005, 02:45
I dont understand why you have to treat me as a idiot to tell me that I write something wrong ? That was my first time on this forum and surely this reply is the last one. Because of you I found that this community suck.:thumbdwn:
fuck off:fu:
Post by: adiment on 20 July 2005, 04:03
:( I wanted a BSOD.
edit: I see some people had trouble with it freezing things for a while... but it works fine here.
Post by: MrX on 20 July 2005, 07:00
Quote from: burz
Well Thanks a lot for this nice reply. As I say , I dont really care about this page , i did it only for the fun of it. I will change my warning and by the same time I will surely change the link of this site on my page.
I dont understand why you have to treat me as a idiot to tell me that I write something wrong ? That was my first time on this forum and surely this reply is the last one. Because of you I found that this community suck.:thumbdwn:
fuck off:fu:
I usually give all new members a warm greeting. that's just the test . you have passed it and can now be a productive member. :)
Post by: Orethrius on 20 July 2005, 08:40
He's in no size, shape, or form representative of any HUMAN contacts on this board.
That being said, I strongly suspect he's an artificial intelligence gone horribly wrong.
If we were in Africa, I'd feed him to the bloody lions.
There, X, how do your greetings go again? :p
Post by: DBX_5 on 20 July 2005, 14:59
Post by: MrX on 20 July 2005, 18:02
Quote from: Orethrius
Yeah, Burz, don't mind X.
He's in no size, shape, or form representative of any HUMAN contacts on this board.
That being said, I strongly suspect he's an artificial intelligence gone horribly wrong.
If we were in Africa, I'd feed him to the bloody lions.
There, X, how do your greetings go again? :p
I don't know sometimes Im just to hardcore for these softies
Post by: skyman8081 on 21 July 2005, 05:08
Post by: MrX on 21 July 2005, 07:23
Post by: skyman8081 on 21 July 2005, 07:27
Quote from: MrX
for a moderator that's pretty immature to say something like that.
I'm not a mod.
Post by: Aloone_Jonez on 21 July 2005, 10:00
MrX, as nobody here likes you why don't you just fuck off to your other Micro$ucks forums?
Post by: Bossieman on 21 July 2005, 19:04
Quote from: Hajiku Flip
For the record, this link totally fvcked my computer. It froze at first and the mobo started making weird noises. Then I restarted and it would freeze on the desktop screen, with none of my shortcuts appearing. Things started going downhill with drives showing up missing, windows repair installs messing up, etc etc.
I ended up having to wipe EVERYTHING and now I have a fresh copy of windows.
:(
But they used another link that is founded on this page
http://www.dd.chalmers.se/~sandvik/winie.html
So it seams like some windows computers have serious problems. But not all. Does anyone know why some windows computers collapses and other doesnt?
Post by: Pathos on 7 August 2005, 09:05
I suppose it just ran out of memory :). Probably attempted to allocate loads of Virtual Memory to make up for it.
This is so stupid. I'm pretty sure the Linux Kernel kills/suspends a process if this happens, my lecturer attempted to overrun the stack but the kernel builders were too smart for him. However this is a heap problem.